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DETAILED ACTION 

1 . This written action is responding to the communication dated on 04/19/2007. 

Election/Restrictions 

2. Applicant elected without traverse group I, claims 1-16, 32-39 and 56-71, in the 
reply filed on April 19 th , 2007. 

3. Claims 17-31 , 40-55 and 72-85 corresponding to group 2 and group 3 are 
withdrawn from further consideration as drawn to a non-elected invention. 

Claim Objections 

4. Claims 1, 8, 15, 16, 70 and 71 are objected to for lack of antecedent basis: 
Claim 1 recites "a user key" in line 5. 

Claim 8 recites "each master key" in line 8. 
Claim 15 recites "the selected user id" in line 17. 
Claim 16 recites "the selected id" in line 6. 
Claim 70 recites "the selected user id" in line 13. 
Claim 71 recites "the selected user id" in line 7. 
Appropriate correction is required. 



Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 
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(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the- subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 1-6, 9-10, 32-36, 38-39 and 56-65 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Challener et al. (Pub. No.: US 2003/0105980 A1), hereinafter 
"Challener" in view of Bailey (Patent No.: US 7,205,883 B2). 

7. As to claim 1 , Challener discloses a method comprising: creating a data structure 
including a plurality of user id-user key pairs (FIG. 1, [0019]), each user id-user key pair 
comprising a user id associated with one of a plurality of users (FIG. 1 , [0019], [0021]). 
Challener doesn't explicitly disclose a user key comprising a master key encrypted 
using a password associated with the one of the plurality of users; and delivering the 
data structure to one or more of the plurality of users. 

However, Bailey discloses a user key comprising a master key encrypted using a 
password associated with the one of the plurality of users (FIG. 4, column 8, lines 7-25, 
"...the password retrieved from the host system is used to create a wrapping key 

K the SAK is wrapped using key K to produce a K-wrapped secondary 

authentication key..."); and delivering the data structure to one or more of the plurality of 
users (column 8, lines 7-25, "The [SAK]. sub. K is transmitted to the host site..."). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time of the invention was made to modify the teaching of Challener as taught by Bailey 
in order to improve security in password-based access to a network. 
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8. As to claims 32 and 56, these are rejected using the same rationale as for the 
rejection of claim 1 . 

9. As to claim 57, it is rejected using the same rationale as for the rejection of claim 
1. 

10. As to claims 2, 33, 58 and 59, Challener doesn't explicitly disclose wherein the 
act of delivering comprises delivering the data structure to each of the plurality of users. 
However, Bailey discloses wherein the act of delivering comprises delivering the data 
structure to each of the plurality of users (column 8, lines 7-25, "The [SAKJ.sub.K is 
transmitted to the host site..."). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time of the invention was made to modify the teaching of Challener as taught by Bailey 
in order to support multiple users in password-based access to a network. 

11. As to claims 3 and 60, Challener discloses a hash of the password associated 
with the one of the plurality of users (FIG. 1 , [0002]). Challener doesn't explicitly 
disclose wherein each master key is encrypted using a hash of the password. However, 
Bailey discloses wherein each master key is encrypted using a hash of the password 
(FIG. 4, column 8, lines 7-25). 
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Therefore, it would have been obvious to one of ordinary skill in the art at the 
time of the invention was made to modify the teaching of Challener as taught by Bailey 
in order to improve security in password-based access to a network. 

12. As to claims 4, 5, 34, 35, 61 and 62, these are rejected using the same rationale 
as for the rejection of claim 3. 

13. As to claims 6, 36 and 63, Challener discloses wherein each user key has an 
integrity verification feature associated therewith ([0019], "The phrase signed with the 
loaded private key is then compared with the stored signed phrase associated with the 
remote user.."). 

14. As to claims 9, 38 and 64, Challener discloses wherein each user key includes a 
checksum ([0002], [0019]). 

15. As to claims 10, 39 and 65, Challener discloses wherein each user key includes 
a keyed-hash message authentication code ([0019], "The phrase signed with the loaded 
private key is then compared with the stored signed phrase associated with the remote 
user.."). 
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16. Claims 7-8, 11-15, 37 and 66-70 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Challener in view of Bailey and further in view of Thomlinson et al. 
(Patent No.: US 6,272,631 B1), hereinafter "Thomlinson". 

17. As to claims 7, 8 and 37, neither Challener nor Bailey explicitly discloses wherein 
each master key has an integrity verification feature associated therewith. However, 
Thomlinson discloses wherein each master key has an integrity verification feature 
associated therewith (column 10, lines 30-65, "The master authentication key is used in 
conjunction with the specified MAC to verity that the master key decrypted correctly"). 

Therefore it would have been obvious to one of ordinary skill in the art at the time 
of the invention was made to modify the teaching of Challener and Bailey as taught by 
Thomlinson in order to increase security by verifying the remote user's identity. 

18. As to claims 11 and 66, neither Challener nor Bailey explicitly discloses 
transforming data using the master key. However, Thomlinson discloses transforming 
data using the master key (column 10, lines 30-65, "The master key is then used to 
decrypt an appropriate item key. . . "). 

Therefore it would have been obvious to one of ordinary skill in the art at the time 
of the invention was made to modify the teaching of Challener and Bailey as taught by 
Thomlinson in order to increase security by verifying the remote user's identity. 
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19. As to claims 12 and 67, neither Challener nor Bailey explicitly disclose storing 
data transformed using the master key; and controlling access by the plurality of users 
to the transformed data. However, Thomlinson discloses storing data transformed using 
the master key (column 9, lines 65-67, "The item key and item authentication key are 
then encrypted using a master key"); and controlling access by the plurality of users to 
the transformed data (column 9, lines 50-67 and column 10, lines 1-10). 

Therefore it would have been obvious to one of ordinary skill in the art at the time 
of the invention was made to modify the teaching of Challener and Bailey as taught by 
Thomlinson in order to increase security by verifying the remote user's identity. 

20. As to claims 13 and 68, Challener discloses receiving a user id and user 
password from one of the plurality of users ([0019], [0021]). Neither Challener nor Bailey 
explicitly discloses storing data transformed using the master key; and controlling 
access to the transformed data by the one of the plurality of users based on the 
received user id and user password. However, Thomlinson discloses storing data 
transformed using the master key (column 9, lines 50-67 and column 10, lines 1-10); 
and controlling access to the transformed data by the one of the plurality of users based 
on the received user id and user password (column 9, lines 30-67 and column 10, lines 
1-10). 

Therefore it would have been obvious to one of ordinary skill in the art at the time 
of the invention was made to modify the teaching of Challener and Bailey as taught by 
Thomlinson in order to increase security by verifying the remote user's identity. 
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21 . As to claims 14 and 69, these are rejected using the same rationale as for the 
rejection of claim 13. 

22. As to claims 15 and 70, Challener discloses receiving a user id and user 
password from one of the plurality of users ([0019], [0021]); selecting a user key from 
the data structure based on the received user id (FIG. 1, [0019], [0021]). Challener 
doesn't explicitly disclose storing data transformed using the master key; decrypting the 
selected user id using the received password to reproduce the master key; and using 
the master key to access the data. 

However, Bailey discloses decrypting the selected user id using the received 
password to reproduce the master key (FIG. 4, column 8, lines 7-25, "..K-unwrapping of 
[SAK].sub.K."). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time of the invention was made to modify the teaching of Challener as taught by Bailey 
in order to improve security in password-based access to a network. 

Neither Challener nor Bailey explicitly discloses storing data transformed using 
the master key; and using the master key to access the data. 

However, Thomlinson discloses storing data transformed using the master key 
(column 9, lines 65-67, "The item key and item authentication key are then encrypted 
using a master key"); and using the master key to access the data (column 9, lines 30- 
67 and column 10, lines 1-10). 
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Therefore it would have been obvious to one of ordinary skill in the art at the time 
of the invention was made to modify the teaching of Challener and Bailey as taught by 
Thomlinson in order to increase security by verifying the remote user's identity. 

23. Claims 16 and 71 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Challener and further in view of Bailey, Thomlinson and Tewfik et al. (Pub. No.: US 
2003/0095685 A1), hereinafter "Tewfik". 

24. As to claims 16 and 71, Challener discloses receiving a user id and user 
password from one of the plurality of users ([0019], [0021]); selecting a user key from 
the data structure based on the received user id (FIG. 1, [0019], [0021]). Hashing the 
received password to produce a hash value (FIG. 1, [0002]). Challener doesn't explicitly 
disclose storing data watermarked using the master key; decrypting the selected user id 
using the received password to reproduce the master key; and using the master key to 
access the watermarked data. 

However, Bailey discloses decrypting the selected user id using the received 
password to reproduce the master key (FIG. 4, column 8, lines 7-25, "..K-unwrapping of 
[SAK].sub.K."). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time of the invention was made to modify the teaching of Challener as taught by Bailey 
in order to improve security in password-based access to a network. 
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Neither Challener nor Bailey explicitly discloses storing data watermarked using 
the master key; and using the master key to access the watermarked data. 

However, Thomlinson discloses storing data transformed using the master key 
(column 9, lines 65-67, "The item key and item authentication key are then encrypted 
using a master key"); and using the master key to access the data (column 9, lines 30- 
67 and column 10, lines 1-10). 

Therefore it would have been obvious to one of ordinary skill in the art at the time 
of the invention was made to modify the teaching of Challener and Bailey as taught by 
Thomlinson in order to increase security by verifying the remote user's identity. 

Neither Challener and Bailey nor Thomlinson explicitly discloses watermarked 
data. However, Tewfik discloses watermarked data ([0015], [0020]). Therefore it would 
have been obvious to one of ordinary skill in the art at the time of the invention was 
made to modify the teaching of Challener, Bailey and Thomlinson as taught by Tewfik in 
order to protect contents from unauthorized duplication. 

Conclusion 

25. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. See accompanying PTO 892. 

• US 68341 12 B2 - Secure distribution of private keys to multiple clients. 

• US 2002/0144128 A1 - Secure remote access and transmission. 
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26. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Suman Debnath whose telephone number is 571 270 
1256. The examiner can normally be reached on 8 am to 5 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim y. Vu can be reached on 571 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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